Question
I am using SqlMembershipProvider with asp.net and it works fine until I try to use iframes or frames.
When I login without them, I have no issues but if I wrap our website from our customer's site, and try to login, it just flashes and comes back to the original site with all the fields cleared.
I can duplicate this easily with our site on IE 8 and 9 but I have no issues with firefox or chrome.
Is there another way of accomplishing this or getting around it?
====== EDIT ======
Our clients are calling our 'portal' from their website and would like to integrate our portal into it seamlessly as if it is part of their site.
We thought we could accomplish this with an iframe wrapping our portal from their site but I am not having any luck with it working with the login, from what I have read it's a cross domain cookie problem(?).
Hope this helps clarify things some...
La solution
You can use FormsAuthentication.SetAuthCookie, and pass the initial credentials in the URL in encrypted way,
This question will strongly help you in internet explorer, other broesers ar OK,
Cookie blocked/not saved in IFRAME in Internet Explorer
I have tested with Chrome, Firefox, Opera (Will give a warning first time), it is working perfectly, no problem, but with IE, you need to see the question that I have provided.
Autres conseils
Internet Explorer won't send cookies through IFRAMES unless you specify a P3P header.
The easiest way of doing this, is indicating a custom HTTP header in your Web.config:
https://stackoverflow.com/questions/13768677
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian <system.webServer>
<httpProtocol>
<customHeaders>
<add name="P3P" value='CP="CAO PSA OUR"'/>
This way you do not have to mess in your code with this stuff.
This HTTP header is called Compact P3P, and it should do the trick because I have been in the same situation than you before.
I am afraid that maybe the Safari browser it is a little bit trickier, since Safari won't send the cookies unless the user interacts with the IFRAME content as seen here: Iframe, cross-domain cookies, p3p policy, and safari with error: A required anti-forgery token was not supplied or was invalid . What would probably be not a big problem in your case.
Cheers.
If it's an option to install a subdomain in the DNS and add host headers to IIS, you could try to circumvent cross-domain security by setting up the subdomain to point at your site.
[top] example.com @ customerIP => [iframe] portal.example.com @ yourIP
Make sure the domains are shared by putting this JavaScript in your code:
document.domain = "example.com"
